CMPT 352 Midterm 2006 Exam NAME: . ■ _ •' 

80 Mins CLOSED BOOK 

Do all 9 questions for 62 marks. Student#: . , - - -- 

Use POINT FORM wherever possible. Use this paper (there is lots of room on the 
back). Please ask for an exam booklet if you need one. Budget your time as you 
could easily spend too long on a short question! If you are not sure what is meant by a 
question, or you spot a problem in the exam, write me a note about it and then make 
an assumption, and answer the question based on the assumption you have made (and 
stated). Closed Book - no books, notes or electronic devices allowed. 


1. (3 marks) When a workstation connected to a LAN reads all frames or packets 
going past it even though they are not addressed to it, the workstation is in 
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(3 marks) True or False: “Having a low-profile, little-known Web site makes it 
far less likely that your Web site will be attacked by hackers.” Briefly indicate the 
reason you chose your answer: 
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(3 marks) True or False: “nMap can usually tell what version of Windows is being 
ran on a targeted host.” Briefly indicate the reason you chose your answer: 
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(3 marks) True or False: “Determining the current operating system, web-server 
version, and the update history of a web site, while valuable to an attacker, is 
usually difficult to do.” Briefly indicate the reason you chose your answer: 
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5. (3 marks) True or False: “Many of the same legal issues arise when monitoring 
employee activity on a Web site and monitoring customer or visitor activity on 
the same Web site.” Briefly indicate the reason you chose your answer: 
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6. (5 marks) What is “network sniffing”? Name three (3) typical counter measures r - 

to limit the danger or to discover the presence of an unauthorized sniffer? r 
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Counter measures 
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7. (30 Marks - 3 marks each) Briefly define the following terms we have discussed 

in the field of infoSec (an example may help but is not required) AND explain the 
importance or use in information technology security: ' v 

4 v O 


a. The wild list: 
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b. Scan: 
Definition: 
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c. War driving: 
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e. Dumpster diving: 

Definition: LcO>k < ^ 
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f. Convergence: 
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g. Evil Twin attack on a wireless network 
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h. Risk Management 
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8. (6 marks) List three themes that have repeated throughout the history of infoSec 



9. (6 marks) List and briefly explain the 6 atomic elements of INFOSEC according 
to the model described by Donn Parker (an example, while not required, may help 
your explanation). 
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